Now basically this is about doing what I've been thinking about for a long time - instead of everyone wasting resources running SpamAssassin, bogofilter etc. to get rid of spam - we should be causing the spammer harm. Thus enabling us to solve the problem using the simple rules of economy: if their income is approaching negative, there's a good chance they will stop (or think of a way around this - which in my understanding should be hard).

It sounds good, but I think it will only work if some of the providers start using it. And it would be hard talking them into using this.

Edit: I haven't read all of the article (I stopped a bit after he started about TarProxy), but won't this also hurt the mailservers? It will at least make the number of connections go up quite a bit, right?

I think it's a great idea; in the future, all anti-spam solutions should be preventive (aggressive) and possibly distributed.
Actually, if there weren't open relays, you could just DDoS spam servers just minutes after they go active
_________________
I am Beta, don't expect correct behaviour from me.
Take part in the adopt an unanswered post initiative

I think this is a TERRIBLE idea. What it would do is give the spammers direct, immediate feedback on the algorithms used to detect them so that they can tailor the text of their spam to get through. It would end up defeating the whole purpose of statistical identification of spam. All they would have to do is tweak their messages till they got higher throughput rates and it would *de facto* increase our false-positive rate. The only thing we have going for us now is that they have no idea how well we can filter them out. With this system they would have feedback. I already get a few false-positives I never used to get - messages with only tiny amounts of text, no HTML, not a lot of blather, conversational. They will all be that way soon if a system like this gets widely implemented.

They will always be ahead, for the same reason that copy protection schemes will always be broken: there's more of them than people writing schemes, and they have a profit motive.

beat anyone who buys stuff from spam mail with large sticks - thus removing the spammers' income little by little - I'm betting people would rather live without penis enlargement magic cures than with several broken bones and a cracked skull

1) Collect list of spammer IPs.
2) DDoS them for 24hrs. Make a program like SETI@HOME to use unused network traffic to DDoS spammers. I'd do it (use the program; I already tried to make one and decided I suck at programming)
3) less spam.
_________________
Aim:gsfgf0

beat anyone who buys stuff from spam mail with large sticks - thus removing the spammers' income little by little - I'm betting people would rather live without penis enlargement magic cures than with several broken bones and a cracked skull

Like I've always said, just give me a carbine and a very large box of ammo, a list of addresses and a free pardon.... no problem...
_________________
Where there's open source, there's a way.

I think this is a TERRIBLE idea. What it would do is give the spammers direct, immediate feedback on the algorithms used to detect them so that they can tailor the text of their spam to get through. It would end up defeating the whole purpose of statistical identification of spam. All they would have to do is tweak their messages till they got higher throughput rates and it would *de facto* increase our false-positive rate. The only thing we have going for us now is that they have no idea how well we can filter them out. With this system they would have feedback. I already get a few false-positives I never used to get - messages with only tiny amounts of text, no HTML, not a lot of blather, conversational. They will all be that way soon if a system like this gets widely implemented.

They will always be ahead, for the same reason that copy protection schemes will always be broken: there's more of them than people writing schemes, and they have a profit motive.

Summary: TERRIBLE IDEA. DON'T DO IT.

-Jeff

Tools like SpamAssassin are OSS you know... People can freely browse through the code to look at the filters...
_________________
Life is like a box of chocolates... Before you know it, it's empty...

Sure they can - but most of them don't, I'll warrant. Most don't even know about it, because their primary mark is a Windows client. But you start throttling their pipeline and they're going to figure it out damn fast, I guarantee it. Every one of them.

He's probably a spammer as he's getting scared already...

When I get spam I reply with approx. 10000 mails, and so far no one has sent me this shit twice. Maybe my mail address moved to a blacklist (actually I don't use my address to reply). Looks like I am a spammer too....
_________________
"Yes, I know Linux runs faster, but they can do that because they have thrown out the weight of the airbag, collision frame and safety belt." —Poul-Henning Kamp

1) Collect list of spammer IPs.
2) DDoS them for 24hrs. Make a program like SETI@HOME to use unused network traffic to DDoS spammers. I'd do it (use the program; I already tried to make one and decided I suck at programming)
3) less spam.

not quite wise

I've got a box running an SMTP server. Spammers used it to flood emails until I set up pop-before-smtp. My point is that not every spammer's IP is really their IP; they sometimes are also victims
_________________
oh~~doooom, plz, don't speak Italian to me.

When I get spam I reply with approx. 10000 mails, and so far no one has sent me this shit twice. Maybe my mail address moved to a blacklist (actually I don't use my address to reply). Looks like I am a spammer too....

OUCH. I hope you're joking... since if you aren't, all those innocent people whose addresses spammers have forged as their From: headers hate you.
_________________
<laurentius> gentoo linux?
<ari> Yesh.
<laurentius> they look horny

Spammers almost never spam from their real point of origin. What do you think the main point of hacking into other people's computers is? It's to set up temporary distribution centers for, basically, illegal activities like spamming which would have their own ISPs shutting them down. Most of the time if you reply to a spammer it just bounces back, so if you reply with "10000" emails, you are flaming yourself with all the returned messages. Pretty dumb. I used to contact the source ISP as near as I could determine it, but found it was basically futile - a waste of time. The few spams that have enough true info in the header to get that close to their ISPs are located in countries that don't care, run by ISPs that basically exist to sell access to spammers. Best to just block those domains with a blacklist. But all the other spam is just hard to stop at its source. Filtering is the best method, and I sure don't want them having any more insight into it than they already do, which is exactly what they would be forced to have if you throttle their throughput as a function of how much it "looks like spam".

Well, if spammers try to change their messages to look more 'legitimate', there is still going to be a pattern, and any time we see a message that went into our inbox instead of the spam folder, just check it as such and delete it. Thus the algorithms to detect spam can evolve. I seriously am not convinced, however, that they can change enough to make a significant dent in what gets through the filter or false positives, at least long term, even if they have some feedback. Remember, their motive is to try to sell people stuff, so there are going to be some pretty obvious patterns unless they completely abandon their sales pitch in the content of the email, which I think will be less effective at targeting those people that DO read spam.
_________________
The Congress shall have power...To promote the progress of science and useful arts, by securing for limited times to authors and inventors the exclusive right to their respective writings and discoveries; --U.S. Constitution. Article 1, Section 8.

Y'all might wanna take a look at Daniel Hartmeier's setup for annoying spammers. It is not based on what looks like spam, but on official and local blacklists. It sure looks like a good idea to me and I will set it up meself in the near future.
http://www.benzedrine.cx/relaydb.html

When I get spam I reply with approx. 10000 mails, and so far no one has sent me this shit twice. Maybe my mail address moved to a blacklist (actually I don't use my address to reply). Looks like I am a spammer too....

OUCH. I hope you're joking... since if you aren't, all those innocent people whose addresses spammers have forged as their From: headers hate you.

I do not reply to "innocent people" addresses! I reply to mails with real domain names and of course I read the mail header for the actual relay.

As an ISP myself I deny all spammers' requests for spam mail hosting.
_________________
"Yes, I know Linux runs faster, but they can do that because they have thrown out the weight of the airbag, collision frame and safety belt." —Poul-Henning Kamp

1) Collect list of spammer IPs.
2) DDoS them for 24hrs. Make a program like SETI@HOME to use unused network traffic to DDoS spammers. I'd do it (use the program; I already tried to make one and decided I suck at programming)
3) less spam.

not quite wise :twisted:

I've got a box running an SMTP server. Spammers used it to flood emails until I set up pop-before-smtp. My point is that not every spammer's IP is really their IP; they sometimes are also victims

If you aren't gonna secure your mailserver, you are as bad as a spammer. I have no pity. Maybe you'll set it up securely next time. There's a reason most ISPs block port 25 on home users' accounts.
_________________
Aim:gsfgf0

Of course there will always be spamming n00bs who just find an open relay and let loose, but those can be traced back with 0 effort...it's the ones that hack into another machine as a starting point that you have to be careful of.
Typically, you rDNS the source, and if it reverses to something significant, it's been cracked. Otherwise, DDoS away
_________________
<insert witticism here>

Tools like SpamAssassin are OSS you know... People can freely browse through the code to look at the filters...

This is why you ditch SpamAssassin/Razor for bogofilter and run your own db.

A properly trained bogofilter is much better than SpamAssassin because it's trained on the spam that you get, not Somebody Else's Spam.

Furthermore, it doesn't drag your system through the mud like SpamAssassin does. Sorry, but I don't think that any spam package is worth hearing my CPU fan spin up every time my machine pulls mail. That's ridiculous.

Repeat hundreds ..., I avoid writing "spam" and any legible word, so this nasty mail passes through any filter. Sometimes I send mails with and without attachments.

Of course I did that when the mail address looks valid. Some Chinese spammer stopped after a long mail bomb session. The famous Africa "win a million dollars" spam, I reply with, "yes, I could help you, please call me at xx xx xxxxxxxxx", a valid phone number of my city (police department, ...).

The support@microsoft.com is the traditional M$ virus carrier, and, of course, is not valid.

I know we can't reply to the spam mail, so they could know that is a valid mail address, but I can't resist.

Of course I did that when the mail address looks valid. Some Chinese spammer stopped after a long mail bomb session. The famous Africa "win a million dollars" spam, I reply with, "yes, I could help you, please call me at xx xx xxxxxxxxx", a valid phone number of my city (police department, ...).

Hmm.. really good idea.
_________________
"Yes, I know Linux runs faster, but they can do that because they have thrown out the weight of the airbag, collision frame and safety belt." —Poul-Henning Kamp

Absinthe is seriously behind on SpamAssassin. Since at least 2.50 it runs Bayes tests - same as bogofilter. There's probably little difference now. It trains on my particular spam (and ham) quite nicely. I've never noticed the load. Maybe there's a difference if you're a mail gateway or something, but for small LANs I doubt you can quantify it.
-Jeff

This is entirely quantifiable. You should know I only stopped using SpamAssassin entirely (on all boxes) approximately 1 month ago.

The performance difference is significant, and that's because bogofilter is written in C and uses Sleepycat as a database engine. This combination is an order of magnitude faster than SpamAssassin's considerably slower Perl code.

The Bayesian algorithm in SpamAssassin is not the same, nor as tuned as it is in bogofilter (which uses Robinson-Fisher). You would do well to do more research on this subject before suggesting that I'm wrong here.

Any Bayesian mail filter is only as good as you train it -- but not all Bayesian filters are created equal -- either in how well they work or how fast they work.

Since switching to bogofilter entirely, I have experienced a significant drop in false negatives over SpamAssassin 2.53. bogofilter also runs transparently in the background taking up no CPU at all.

If you haven't noticed then you don't get much mail... or much spam, then SpamAssassin is probably fine for you. If you get as much mail as I do and my organizations do, you need a more adaptable and scalable system -- and bogofilter is it. At least, until something better comes along...